[systemd-devel] [PATCH 2/2] ima: Write the policy filename into IMA's sysfs policy file
Lennart Poettering
lennart at poettering.net
Tue Nov 29 11:56:00 UTC 2016
On Mon, 28.11.16 14:17, Stefan Berger (stefanb at linux.vnet.ibm.com) wrote:
> From: Stefan Berger <stefanb at us.ibm.com>
>
> IMA validates file signatures based on the security.ima xattr. As of
> Linux-4.7, instead of copying the IMA policy into the securityfs policy,
> the IMA policy pathname can be written, allowing the IMA policy file
> signature to be validated.
>
> This patch modifies the existing code to first attempt to write the
> pathname, but on failure falls back to copying the IMA policy
> contents.
This second patch looks good. Any chance you can submit it as a PR on
github? That's how we usually expect patches these days!
Thanks!
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list